Don't Be an Unwitting Collaborator
Discovering tunneling activity is difficult and requires vigilance and diligence.
Tunneling by itself via VPN, proxy, or other methods is not inherently bad. Employees, business partners, vendors, and others may legitimately need access to a central LAN, WAN, or enterprise in order to move data back and forth in a secure fashion.
But technological solutions alone are not sufficient to manage tunneling.
A cyberterrorist who has already breached your security may not only use a tunnel to pass data out of an organization but can also create an encrypted tunnel that comes into the organization, allowing other miscreants access to what should be protected and confidential information. That means that your human firewall needs to be protected and strengthened as well.